Source release v3.2.0
This commit is contained in:
Gene Morgan
@@ -5,6 +5,8 @@
|
||||
#include "file_store.h"
|
||||
#include "license_protocol.pb.h"
|
||||
#include "log.h"
|
||||
#include "properties.h"
|
||||
#include "service_certificate.h"
|
||||
#include "string_conversions.h"
|
||||
#include "wv_cdm_constants.h"
|
||||
|
||||
@@ -21,11 +23,11 @@ const std::string kProvisioningServerUrl =
|
||||
|
||||
namespace wvcdm {
|
||||
// Protobuf generated classes.
|
||||
using video_widevine_server::sdk::ClientIdentification;
|
||||
using video_widevine_server::sdk::ProvisioningOptions;
|
||||
using video_widevine_server::sdk::ProvisioningRequest;
|
||||
using video_widevine_server::sdk::ProvisioningResponse;
|
||||
using video_widevine_server::sdk::SignedProvisioningMessage;
|
||||
using video_widevine::ClientIdentification;
|
||||
using video_widevine::ProvisioningOptions;
|
||||
using video_widevine::ProvisioningRequest;
|
||||
using video_widevine::ProvisioningResponse;
|
||||
using video_widevine::SignedProvisioningMessage;
|
||||
|
||||
/*
|
||||
* This function converts SignedProvisioningRequest into base64 string. It then
|
||||
@@ -48,6 +50,76 @@ void CertificateProvisioning::ComposeJsonRequestAsQueryString(
|
||||
request->assign(message_b64);
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the ClientIdentification message token type for provisioning request.
|
||||
* NOTE: a DRM Cert should never be presented to the provisioning server.
|
||||
*/
|
||||
bool CertificateProvisioning::GetProvisioningTokenType(
|
||||
ClientIdentification::TokenType* token_type) {
|
||||
switch (crypto_session_.GetPreProvisionTokenType()) {
|
||||
case kClientTokenKeybox:
|
||||
*token_type = ClientIdentification::KEYBOX;
|
||||
return true;
|
||||
case kClientTokenOemCert:
|
||||
*token_type = ClientIdentification::OEM_DEVICE_CERTIFICATE;
|
||||
return true;
|
||||
case kClientTokenDrmCert:
|
||||
default:
|
||||
// shouldn't happen
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Fill in the appropriate SPOID (Stable Per-Origin IDentifier) option.
|
||||
* One of spoid, provider_id or stable_id will be passed to the provisioning
|
||||
* server for determining a unique per origin ID for the device.
|
||||
* It is also valid (though deprecated) to leave the settings unset.
|
||||
*/
|
||||
bool CertificateProvisioning::SetSpoidParameter(
|
||||
const std::string& origin, const std::string& spoid,
|
||||
ProvisioningRequest* request) {
|
||||
if (!request) {
|
||||
LOGE("CertificateProvisioning::SetSpoidParameter : No request buffer "
|
||||
"passed to method.");
|
||||
return false;
|
||||
}
|
||||
if (!spoid.empty()) {
|
||||
// Use the SPOID that has been pre-provided
|
||||
request->set_spoid(spoid);
|
||||
} else if (Properties::UseProviderIdInProvisioningRequest()) {
|
||||
if (service_certificate_->HasProviderId()) {
|
||||
request->set_provider_id(service_certificate_->provider_id());
|
||||
} else {
|
||||
LOGE("CertificateProvisioning::SetSpoidParameter: Failure getting "
|
||||
"provider ID");
|
||||
return false;
|
||||
}
|
||||
} else if (origin != EMPTY_ORIGIN) {
|
||||
// Legacy behavior - Concatenate Unique ID with Origin
|
||||
std::string device_unique_id;
|
||||
if (!crypto_session_.GetDeviceUniqueId(&device_unique_id)) {
|
||||
LOGE("CertificateProvisioning::SetSpoidParameter: Failure getting "
|
||||
"device unique ID");
|
||||
return false;
|
||||
}
|
||||
request->set_stable_id(device_unique_id + origin);
|
||||
} // No else clause, by design. It is valid to do nothing.
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the provisioning protocol version - dictated by OEMCrypto
|
||||
* support for OEM certificates.
|
||||
*/
|
||||
SignedProvisioningMessage::ProtocolVersion
|
||||
CertificateProvisioning::GetProtocolVersion() {
|
||||
if (crypto_session_.GetPreProvisionTokenType() == kClientTokenOemCert)
|
||||
return SignedProvisioningMessage::VERSION_3;
|
||||
else
|
||||
return SignedProvisioningMessage::VERSION_2;
|
||||
}
|
||||
|
||||
/*
|
||||
* Composes a device provisioning request and output the request in JSON format
|
||||
* in *request. It also returns the default url for the provisioning server
|
||||
@@ -58,7 +130,8 @@ void CertificateProvisioning::ComposeJsonRequestAsQueryString(
|
||||
CdmResponseType CertificateProvisioning::GetProvisioningRequest(
|
||||
SecurityLevel requested_security_level, CdmCertificateType cert_type,
|
||||
const std::string& cert_authority, const std::string& origin,
|
||||
CdmProvisioningRequest* request, std::string* default_url) {
|
||||
const std::string& spoid, CdmProvisioningRequest* request,
|
||||
std::string* default_url) {
|
||||
if (!default_url) {
|
||||
LOGE("GetProvisioningRequest: pointer for returning URL is NULL");
|
||||
return CERT_PROVISIONING_REQUEST_ERROR_1;
|
||||
@@ -66,22 +139,44 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
|
||||
|
||||
default_url->assign(kProvisioningServerUrl);
|
||||
|
||||
CdmResponseType sts = crypto_session_.Open(requested_security_level);
|
||||
if (NO_ERROR != sts) {
|
||||
CdmResponseType status = crypto_session_.Open(requested_security_level);
|
||||
if (NO_ERROR != status) {
|
||||
LOGE("GetProvisioningRequest: fails to create a crypto session");
|
||||
return sts;
|
||||
return status;
|
||||
}
|
||||
|
||||
// Prepares device provisioning request.
|
||||
// Prepare device provisioning request.
|
||||
ProvisioningRequest provisioning_request;
|
||||
ClientIdentification* client_id = provisioning_request.mutable_client_id();
|
||||
client_id->set_type(ClientIdentification::KEYBOX);
|
||||
std::string token;
|
||||
if (!crypto_session_.GetToken(&token)) {
|
||||
LOGE("GetProvisioningRequest: fails to get token");
|
||||
return CERT_PROVISIONING_GET_KEYBOX_ERROR_1;
|
||||
ClientIdentification* client_id = provisioning_request.mutable_client_id();
|
||||
ClientIdentification::TokenType token_type;
|
||||
|
||||
if (!GetProvisioningTokenType(&token_type)) {
|
||||
LOGE("GetProvisioningRequest: bad token type");
|
||||
return CERT_PROVISIONING_CLIENT_TOKEN_ERROR_1;
|
||||
}
|
||||
if (!crypto_session_.GetProvisioningToken(&token)) {
|
||||
LOGE("GetProvisioningRequest: failure getting provisioning token");
|
||||
return CERT_PROVISIONING_CLIENT_TOKEN_ERROR_2;
|
||||
}
|
||||
client_id->set_token(token);
|
||||
client_id->set_type(token_type);
|
||||
|
||||
#if 0 // TODO(gmorgan) in progress - encrypt ClientIdentification.
|
||||
if (service_certificate_->HasCertificate()) {
|
||||
EncryptedClientIdentification* encrypted_client_id =
|
||||
provisioning_request->mutable_encrypted_client_id();
|
||||
CdmResponseType status;
|
||||
status = service_certificate_->EncryptClientId(&crypto_session_, client_id,
|
||||
encrypted_client_id);
|
||||
if (status == NO_ERROR) {
|
||||
provisioning_request->clear_client_id();
|
||||
} else {
|
||||
provisioning_request->clear_encrypted_client_id();
|
||||
}
|
||||
return status;
|
||||
}
|
||||
#endif
|
||||
|
||||
uint32_t nonce;
|
||||
if (!crypto_session_.GenerateNonce(&nonce)) {
|
||||
@@ -98,12 +193,11 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
|
||||
switch (cert_type) {
|
||||
case kCertificateWidevine:
|
||||
options->set_certificate_type(
|
||||
video_widevine_server::sdk::
|
||||
ProvisioningOptions_CertificateType_WIDEVINE_DRM);
|
||||
video_widevine::ProvisioningOptions_CertificateType_WIDEVINE_DRM);
|
||||
break;
|
||||
case kCertificateX509:
|
||||
options->set_certificate_type(
|
||||
video_widevine_server::sdk::ProvisioningOptions_CertificateType_X509);
|
||||
video_widevine::ProvisioningOptions_CertificateType_X509);
|
||||
break;
|
||||
default:
|
||||
LOGE("GetProvisioningRequest: unknown certificate type %ld", cert_type);
|
||||
@@ -113,13 +207,8 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
|
||||
cert_type_ = cert_type;
|
||||
options->set_certificate_authority(cert_authority);
|
||||
|
||||
if (origin != EMPTY_ORIGIN) {
|
||||
std::string device_unique_id;
|
||||
if (!crypto_session_.GetDeviceUniqueId(&device_unique_id)) {
|
||||
LOGE("GetProvisioningRequest: fails to get device unique ID");
|
||||
return CERT_PROVISIONING_GET_KEYBOX_ERROR_2;
|
||||
}
|
||||
provisioning_request.set_stable_id(device_unique_id + origin);
|
||||
if (!SetSpoidParameter(origin, spoid, &provisioning_request)) {
|
||||
return CERT_PROVISIONING_GET_KEYBOX_ERROR_2;
|
||||
}
|
||||
|
||||
std::string serialized_message;
|
||||
@@ -140,6 +229,7 @@ CdmResponseType CertificateProvisioning::GetProvisioningRequest(
|
||||
SignedProvisioningMessage signed_provisioning_msg;
|
||||
signed_provisioning_msg.set_message(serialized_message);
|
||||
signed_provisioning_msg.set_signature(request_signature);
|
||||
signed_provisioning_msg.set_protocol_version(GetProtocolVersion());
|
||||
|
||||
std::string serialized_request;
|
||||
signed_provisioning_msg.SerializeToString(&serialized_request);
|
||||
@@ -256,6 +346,9 @@ CdmResponseType CertificateProvisioning::HandleProvisioningResponse(
|
||||
return NO_ERROR;
|
||||
}
|
||||
|
||||
// This is the entire certificate (SignedDrmDeviceCertificate).
|
||||
// This will be stored to the device as the final step in the device
|
||||
// provisioning process.
|
||||
const std::string& device_certificate =
|
||||
provisioning_response.device_certificate();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user